Accept terms of use

app/assets/stylesheets/application.css.scss

@@ -221,6 +221,16 @@ form.schedule {
   margin: 10px;
 }
 
+.term-of-use {
+  margin-top: $header-height + 10px;
+  margin-bottom: $footer-height;
+  padding: 10px;
+}
+
+.term-of-use-button {
+  margin: 10px;
+  float:right;
+}
 
 .kid-mentor-schedules {
   .header {

app/controllers/application_controller.rb

@@ -6,6 +6,7 @@ class ApplicationController < ActionController::Base
 
   before_action :load_site_configuration
   before_action :logout_inactive
+  before_action :terms_of_use
   before_action :authenticate_user!
   before_action :intercept_sensitive_params!
   protect_from_forgery prepend: true, with: :exception
@@ -37,6 +38,10 @@ def load_site_configuration
     @site = Site.load
   end
 
+  def terms_of_use
+    @content = Site.load.terms_of_use_content_parsed
+  end
+
   def logout_inactive
     return true if 'sessions' == controller_name
     return true if controller_name == 'self_registrations'

app/controllers/sites_controller.rb

@@ -18,7 +18,14 @@ def show
   end
 
   def update
-    if @site.update(site_params)
+    @site.attributes = site_params
+    if(@site.terms_of_use_content_changed?)
+      id = current_user.id
+      users = User.where("id != ?", id)
+      users.update_all(terms_of_use_accepted: false)
+    end
+
+    if @site.save
       redirect_to edit_site_url, notice: I18n.t('crud.action.update_success')
     else
       render action: :edit

app/controllers/users_controller.rb

@@ -0,0 +1,19 @@
+class UsersController < ApplicationController
+
+  def edit_terms
+    if(current_user != nil)
+      user = User.find_by(id: current_user.id)
+      user.update(terms_of_use_accepted: true)
+    end
+
+    if current_user.is_a?(Mentor) && current_user.kids.empty?
+      # if a menotr has no kids yet assigned, go to available kids
+      redirect_to available_kids_path
+    elsif current_user.is_a?(Teacher) && current_user.mentor_matchings.pluck(:state).include?('pending')
+      # if teacher has some pending requests from mentors
+      redirect_to mentor_matchings_path
+    else
+      redirect_to root_path
+    end
+  end
+end

app/views/layouts/application.html.haml

@@ -1,3 +1,4 @@
+
 !!!
 %html{lang: "de"}
   %head
@@ -46,39 +47,47 @@
                       %li.divider
                       %li= link_to 'Abmelden', destroy_user_session_path, method: :delete
 
-
-    #sidebar-wrapper
+    - if (user_signed_in? && current_user.terms_of_use_accepted == false)
       .container
-        #sidebar.hidden-xs.hidden-sm
-          %h1.logo
-            - if @site.logo.present?
-              %img{:src => rails_representation_url(@site.logo_medium)}
+        .term-of-use
+          %h1
+            = t('activerecord.attributes.site.terms_of_use_accept.terms_of_use_headline')
+          = @content&.html_safe
+          = button_to t('activerecord.attributes.site.terms_of_use_accept.button_accept'), { action: "edit_terms", :controller=>"users", :method => :get }, { class: 'btn btn-xs btn-success term-of-use-button' }
 
-          - if user_signed_in?
-            .contextual_links_panel.panel.panel-default.hidden-xs.hidden-sm
-              = render 'layouts/actions'
-            = yield :sidebar
+    -else
+      #sidebar-wrapper
+        .container
+          #sidebar.hidden-xs.hidden-sm
+            %h1.logo
+              - if @site.logo.present?
+                %img{:src => rails_representation_url(@site.logo_medium)}
 
-    #main
-      .container
-        .row
-          #content.col-md-offset-3.col-md-9
-            - flash.each do |name, msg|
-              = boot_alert(msg, name) unless msg.blank?
-            = yield
+            - if user_signed_in?
+              .contextual_links_panel.panel.panel-default.hidden-xs.hidden-sm
+                = render 'layouts/actions'
+              = yield :sidebar
 
-      .container
-        .row.visible-xs.visible-sm.hidden-md.hidden-lg
-          - if user_signed_in?
-            .contextual_links_panel.mobile-actions.panel.panel-default
-              = render 'layouts/actions'
+      #main
+        .container
+          .row
+            #content.col-md-offset-3.col-md-9
+              - flash.each do |name, msg|
+                = boot_alert(msg, name) unless msg.blank?
+              = yield
 
-    - if @site.footer_address.present? || @site.footer_email.present?
-      #footer
         .container
-          .col-md12
-            = @site.footer_address
-            - if @site.footer_email.present?
-              = mail_to @site.footer_email, nil, :encode => "hex"
+          .row.visible-xs.visible-sm.hidden-md.hidden-lg
+            - if user_signed_in?
+              .contextual_links_panel.mobile-actions.panel.panel-default
+                = render 'layouts/actions'
+
+      - if @site.footer_address.present? || @site.footer_email.present?
+        #footer
+          .container
+            .col-md12
+              = @site.footer_address
+              - if @site.footer_email.present?
+                = mail_to @site.footer_email, nil, :encode => "hex"
 
 -

config/locales/future_kids.de.yml

@@ -247,6 +247,9 @@ de:
         public_signups_active: öffentliche Registrierungen aktiv
         title: Titel des Browsertabs
         css: Seitenspezifisches CSS
+        terms_of_use_accept:
+          terms_of_use_headline: "Bitte akzeptieren sie die geändertern Nutzungsbedingungen"
+          button_accept: "Nutzungsbedingungen Akzeptieren"
       substitution:
         kid: "Kind"
         mentor: "Mentor/in"

config/routes.rb

@@ -42,6 +42,11 @@
   resources :teachers
   resources :principals
   resource :site
+  resource :user do
+    member do
+      post 'edit_terms'
+    end
+  end
   resources :substitutions do
     member do
       put 'inactivate'

db/migrate/20220317103456_add_terms_of_use_accepted_to_users.rb

@@ -0,0 +1,5 @@
+class AddTermsOfUseAcceptedToUsers < ActiveRecord::Migration[6.1]
+  def change
+    add_column :users, :terms_of_use_accepted, :boolean, default: false
+  end
+end

spec/factories.rb

@@ -25,6 +25,7 @@
 
   factory :admin, class: 'Admin', parent: :user do
     sequence(:email) { |n| "admin_#{n}@example.com" }
+    terms_of_use_accepted { true }
   end
 
   factory :mentor, class: 'Mentor', parent: :user do
@@ -38,6 +39,7 @@
     city { 'city' }
     dob { '1.1.1990' }
     phone { '123456798' }
+    terms_of_use_accepted { true }
 
     to_create { |instance| instance.save(validate: false) }
   end
@@ -48,6 +50,7 @@
     sequence(:prename) { |n| "Mentor prename#{n}" }
     association :school
     phone { '123456798' }
+    terms_of_use_accepted { true }
   end
 
   factory :principal, class: 'Principal', parent: :user do

spec/requests/site_configuration_spec.rb

@@ -25,4 +25,32 @@
     expect(page).to have_css('h1', text: 'last1, first1')
     expect(page).to have_css('h2', text: 'Gesprächsdokumentationen')
   end
+
+  scenario 'After edit terms of use other users must accept it after login' do
+    @teacher = create(:teacher)
+    log_in(create(:admin))
+    visit edit_site_url
+    fill_in 'Nutzungsbedingungen', with: 'Terms of use'
+    click_button 'Seitenweite Konfiguration aktualisieren'
+    click_link 'Abmelden'
+
+    visit new_user_session_path
+    fill_in 'user_email', with: @teacher.email
+    fill_in 'user_password', with: @teacher.password
+    click_button 'Anmelden'
+
+    expect(page).to have_button('Nutzungsbedingungen Akzeptieren')
+  end
+
+  scenario 'User after login must accept terms of use' do
+    @teacher = create(:teacher, terms_of_use_accepted: false)
+
+    visit new_user_session_path
+    fill_in 'user_email', with: @teacher.email
+    fill_in 'user_password', with: @teacher.password
+    click_button 'Anmelden'
+
+    click_button 'Nutzungsbedingungen Akzeptieren'
+    expect(page).to have_content('Erfolgreich angemeldet')
+  end
 end